Описание
Security update for GraphicsMagick
This update for GraphicsMagick fixes the following issues:
Security issue fixed:
- CVE-2017-6335: Heap out of bounds write issue when reading CMYKA TIFF files which claim to offer fewer samples per pixel than required (bsc#1027255).
Список пакетов
SUSE Linux Enterprise Software Development Kit 11 SP4
GraphicsMagick-1.2.5-4.65.1
libGraphicsMagick2-1.2.5-4.65.1
perl-GraphicsMagick-1.2.5-4.65.1
SUSE Studio Onsite 1.3
GraphicsMagick-1.2.5-4.65.1
libGraphicsMagick2-1.2.5-4.65.1
Ссылки
- Link for SUSE-SU-2017:0918-1
- E-Mail link for SUSE-SU-2017:0918-1
- SUSE Security Ratings
- SUSE Bug 1027255
- SUSE CVE CVE-2017-6335 page
Описание
The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 11 SP4:GraphicsMagick-1.2.5-4.65.1
SUSE Linux Enterprise Software Development Kit 11 SP4:libGraphicsMagick2-1.2.5-4.65.1
SUSE Linux Enterprise Software Development Kit 11 SP4:perl-GraphicsMagick-1.2.5-4.65.1
SUSE Studio Onsite 1.3:GraphicsMagick-1.2.5-4.65.1
Ссылки
- CVE-2017-6335
- SUSE Bug 1027255